JP2008217102A - Information processor - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To reinforce security regarding an information processor. <P>SOLUTION: An MFP is connected to an authentication device, and is provided with: a user authentication part (S05) for authenticating an operator; an entrance information acquisition part (S03) for acquiring an authentication result by the authentication device; and a function restriction part (S08 or S09) for making functions for permitting an authenticated user to execute processing different in a case that the same user as the pertinent user is authenticated by the authentication device (YES in S07), and in a case that the pertinent user is not authenticated by the authentication device (NO in S07). <P>COPYRIGHT: (C)2008,JPO&INPIT

Description

  The present invention relates to an information processing apparatus, and more particularly to an information processing apparatus having a function of authenticating a user who operates.

  In recent years, multifunction devices (MFPs) equipped with a hard disk drive (HDD) have appeared as a large-capacity storage device, and this multifunction device is used by a plurality of users and further connected to a network. Remotely controlled from a computer connected to the network. For this reason, in order to manage the data stored in the HDD for each user, the access to the data is restricted so that the data can be accessed on the condition that the user authentication is successful.

  For example, Japanese Patent Laid-Open No. 2002-171503 discloses a method in which a server and a plurality of terminal devices are connected via a network, and whether or not a digital image in the server is accessible is determined based on a device-specific identifier of the terminal device. Has been.

However, if the authentication information is known to another person for some reason, the other person can freely use the data stored in the HDD. For this reason, it is preferable to increase the strength of authentication.
JP 2002-171503 A

  The present invention has been made to solve the above-described problems, and one of the objects of the present invention is to provide an information processing apparatus with enhanced security.

  In order to achieve the above-described object, according to one aspect of the present invention, an information processing device is an information processing device connected to an authentication device, and authentication means for authenticating an operator and an authentication result by the authentication device. When the same user as the user is authenticated by the authentication device, and when the same user as the user is authenticated by the authentication device, the authentication result acquisition means to be acquired and the function that allows the user authenticated by the authentication means to execute And a function restriction unit that varies depending on whether or not there is a case.

  According to this aspect, when the authentication is performed with a single device, the functions that are permitted to be executed are limited as compared with the case where the authentication is performed with a plurality of devices, and thus security can be enhanced. As a result, an information processing apparatus with enhanced security can be provided.

  Preferably, an operation screen transmission that transmits an operation screen to the communication terminal when authentication by the authentication means is successful based on the communication means that communicates with the communication terminal connected to the network and the authentication information received from the communication terminal. And the function restriction means, when the same user as the user successfully authenticated by the authentication means is not authenticated by the authentication device, compared to the case where the user is authenticated by the authentication device, The operation screen transmitting means limits the operation screens that can be transmitted.

  Preferably, the information processing apparatus is set in a room where the authentication apparatus manages user entry / exit.

  According to this aspect, the user who is in the room where the authentication device manages the entry and exit of the user and the user who remotely operates from the outside of the room have different functions that allow execution, so that the user who is outside can execute Functions can be restricted.

  Preferably, the information processing apparatus further includes a storage unit for storing data, and the function restriction unit restricts an access right to the storage unit when the same user as the user who has been successfully authenticated by the authentication unit is not authenticated by the authentication device. To do.

  Preferably, the information processing apparatus further includes function execution means for executing processing under set conditions, and history storage means for storing history information of functions executed by the function execution means, wherein the function restriction means is authenticated by the authentication means. If the same user as the successful user is not authenticated by the authentication device, access to the stored history information is restricted.

Preferably, the information processing apparatus further includes a destination receiving unit that receives designation of a data destination, and a transmission unit that transmits data to the received destination. The function restriction unit is configured so that the same user as the user who is successfully authenticated by the authentication unit In the case where the authentication is not performed, the specification of the destination that can be received by the destination receiving unit is limited to the destination of the user who is authenticated by the authentication device.

  Preferably, an image forming unit for forming an image is further provided, and the function limiting unit forms an image by the image forming unit when the same user as the user who has been successfully authenticated by the authentication unit is not authenticated by the authentication device. Limit the functions to be performed.

  Preferably, the information processing apparatus further includes storage means for storing data, and the function restriction means stores data stored in the storage means when the same user as the user successfully authenticated by the authentication means is not authenticated by the authentication device. The image formation by the image forming means based on the above is prohibited.

  According to another aspect of the present invention, the information processing device is an information processing device connected to the authentication device, the authentication means for authenticating the operator, and the authentication result acquisition means for acquiring the authentication result by the authentication device; Login permission means for permitting login on the condition that the user authenticated by the authentication means is authenticated by the authentication device.

  According to this aspect, since login is not permitted unless authenticated by a single device, an information processing device with enhanced security can be provided.

  Preferably, an operation panel for receiving authentication information is further provided, and the authentication unit performs authentication based on the authentication information received by the operation panel.

  Hereinafter, embodiments of the present invention will be described with reference to the drawings. In the following description, the same parts are denoted by the same reference numerals. Their names and functions are also the same. Therefore, detailed description thereof will not be repeated.

  FIG. 1 is a diagram showing an overall outline of an authentication system according to one embodiment of the present invention. Referring to FIG. 1, MFP (Multi Function Peripheral) 100 as an information processing apparatus installed in room 1, authentication apparatus 200, personal computers (hereinafter referred to as “PCs”) 301 and 303, 1 and PCs 311 and 313 installed outside.

  MFP 100, authentication apparatus 200, and PCs 301, 303, 311, and 313 are connected via network 2. The authentication device 200 is installed near the entrance of the room 1 and is connected to an input terminal 250 that can be operated from inside and outside the room 1. The authentication device 200 manages entry / exit of users who enter / exit the room 1. The input terminal 250 controls the opening / closing of the door 3 at the entrance / exit of the room 1. For example, when the user causes the input terminal 250 to read authentication information stored in a magnetic card or an IC card, the input terminal 250 outputs the read authentication information to the authentication device 200. The input terminal 250 unlocks the door 3 when a signal indicating successful authentication is input from the authentication device 200. Thereby, the user can enter the inside of the room 1. The door 3 has an auto-lock function and is automatically locked when it is closed once. When the user leaves the room 1, when the authentication information stored in the magnetic card or the IC card is read by the input terminal 250, the input terminal 250 outputs the read authentication information to the authentication device 200. . As a result, the authentication apparatus 200 recognizes that the previously authenticated user has left the room 1.

  The network 2 is a local area network (LAN), and may be wired or wireless. The network 2 is not limited to a LAN, and may be a wide area network (WAN) such as the Internet, a network using a general public line, or the like.

  In the present embodiment, MFP 100 will be described as an example of the information processing apparatus. However, if it is an apparatus that restricts users permitted to use, instead of MFP 100, for example, a scanner, a printer, a facsimile machine, a personal computer, or the like. Etc.

  FIG. 2 is a diagram illustrating an example of a hardware configuration of the authentication apparatus. Referring to FIG. 2, authentication apparatus 200 includes CPU 201 each connected to bus 209, RAM (Random Access Memory) 205 used as a work area of CPU 201, and ROM (Read) that stores a program executed by CPU 201. An only memory) 206, a hard disk drive (HDD) 207, a communication I / F 202 for connecting the authentication device 200 to the network 2, an input unit 204 including a keyboard and a mouse, and a monitor for displaying information 203.

  FIG. 3 is a block diagram illustrating an example of a hardware configuration of the MFP. Referring to FIG. 3, MFP 100 includes a main circuit 101, a facsimile unit 11, and a communication control unit 13. The main circuit 101 is connected to an automatic document feeder (ADF) 10, an image reading unit 20, an image forming unit 30, a paper feeding unit 40, and a post-processing unit 50.

  The ADF 10 automatically conveys a plurality of documents set on the document feed tray one by one to a predetermined document reading position set on the platen glass of the image reading unit 20, and the image reading unit 20 The document whose image has been read is discharged onto a document discharge tray. The image reading unit 20 includes a light source that irradiates light to a document conveyed to a document reading position and a photoelectric conversion element that receives light reflected by the document, and scans a document image corresponding to the size of the document. The photoelectric conversion element converts the received light into image data that is an electrical signal and outputs the image data to the image forming unit 30. The paper feed unit 40 conveys the paper stored in the paper feed tray to the image forming unit 30.

  The image forming unit 30 forms an image by a well-known electrophotographic method. The image forming unit 30 performs various data processing such as shading correction on the image data input from the image reading unit 20, and the image data after the data processing is processed. Based on this, an image is formed on the sheet conveyed by the sheet feeding unit 40.

  The main circuit 101 includes a central processing unit (CPU) 111, a RAM 112 used as a work area of the CPU 111, a ROM 113 for storing programs executed by the CPU 111, a display unit 114, an operation unit 115, An HDD 116 as a capacity storage device and a data communication control unit 117 are included.

  The CPU 111 is connected to the display unit 114, the operation unit 115, the HDD 116, and the data communication control unit 117, and controls the entire main circuit 101. CPU 111 is connected to facsimile unit 11, communication control unit 13, ADF 10, image reading unit 20, image forming unit 30, paper feed unit 40, and post-processing unit 50, and controls the entire MFP 100.

  The display unit 114 is a display device such as a liquid crystal display (LCD) or an organic ELD (Electro Luminescence Display), and displays an instruction menu for the user, information about acquired image data, and the like. The operation unit 115 includes a plurality of keys, and accepts input of various instructions, data such as characters and numbers by user operations corresponding to the keys. The operation unit 115 includes a touch panel provided on the display unit 114.

  The data communication control unit 117 includes a LAN terminal 118 that is an interface for communication using a communication protocol such as TCP (Transmission Control Protocol) or UDP (User Datagram Protocol), and a serial communication interface terminal 119 for serial communication. . The data communication control unit 117 transmits / receives data to / from an external device connected to the LAN terminal 118 or the serial communication interface terminal 119 in accordance with an instruction from the CPU 111.

  When a LAN cable for connecting to the network 2 is connected to the LAN terminal 118, the data communication control unit 117 communicates with the authentication device 200 and the PCs 301, 303, 311, and 313 connected via the LAN terminal 118. . Furthermore, the data communication control unit 117 communicates with other computers connected to the Internet.

  When MFP 100 is remotely operated from PCs 301, 303, 311, and 313, CPU 111 transmits a login request for permitting remote operation to the remote operation source device from data communication control unit 117, and performs data communication control. The data communication control unit 117 receives a user ID and authentication information for identifying a user that the unit 117 receives from the remote operation source device. MFP 100 performs user authentication based on the received user ID and authentication information, and determines whether or not to permit login. Therefore, only a user registered in advance in MFP 100 can log in and remotely operate.

  When a device is connected to the serial communication interface terminal 119, the data communication control unit 117 communicates with a device connected to the serial communication interface terminal 119, for example, a digital camera, a digital video camera, or a portable information terminal. Input and output image data. The serial communication interface terminal 119 can be connected to a memory card 119A incorporating a flash memory. The CPU 111 controls the data communication control unit 117 to read a program to be executed by the CPU 111 from the memory card 119A, and stores the read program in the RAM 112 and executes it.

  The recording medium for storing the program to be executed by the CPU 111 is not limited to the memory card 119A, but a flexible disk, a cassette tape, an optical disk (CD-ROM (Compact Disc-Read Only Memory) / MO (Magnetic Optical Disc / It may be a medium such as a semiconductor memory such as an MD (Mini Disc) / DVD (Digital Versatile Disc), an IC card (including a memory card), an optical card, a mask ROM, an EPROM (Erasable Programmable ROM), or an EEPROM (Electronically EPROM). In addition, the CPU 111 downloads a program from a computer connected to the Internet. A program stored in the HDD 116 or a computer connected to the Internet may write the program to the HDD 116, and the program stored in the HDD 116 may be loaded into the RAM 112 and executed by the CPU 111. Includes not only a program directly executable by the CPU 111 but also a source program, a compressed program, an encrypted program, and the like.

  The communication control unit 13 is a modem for connecting the CPU 111 to the PSTN 7. The MFP 100 is assigned a telephone number in the PSTN 7 in advance. When a call is made from the facsimile apparatus connected to the PSTN 7 to the telephone number assigned to the MFP 100, the communication control unit 13 detects the call. When the communication control unit 13 detects a call, the communication control unit 13 establishes a call and causes the facsimile unit 11 to communicate.

  The facsimile unit 11 is connected to the PSTN 7 and transmits facsimile data to the PSTN 7 or receives facsimile data from the PSTN 7.

  FIG. 4 is a functional block diagram illustrating an example of functions of the CPU 201 included in the authentication device 200. Referring to FIG. 4, an authentication information receiving unit 211 that receives authentication information from the input terminal 250, an authentication unit 213 that authenticates based on the authentication information, and an authentication result registration unit 215 that registers an authentication result are entered. An inquiry receiving unit 217 that receives a user inquiry and an entrance information transmitting unit 219 that transmits entrance information are included.

  The authentication information receiving unit 211 receives authentication information from the input terminal 250. When the user inputs whether to enter or leave the input terminal 250 and causes the IC card or magnetic card to be carried to be read by the input terminal 250, the input terminal 250 reads the authentication information stored in the IC card or magnetic card. The read authentication information and an entrance / exit signal indicating whether to enter or leave the room are transmitted to the authentication apparatus 200. The authentication information receiving unit 211 receives authentication information and an entry / exit signal transmitted from the input terminal 250. Upon receiving the authentication information and the entry / exit signal, the authentication information receiving unit 211 outputs them to the authentication unit 202.

  When the authentication information and the entry / exit signal are input from the authentication information reception unit 211, the authentication unit 213 compares the input authentication information with the authentication information stored in advance in the HDD 207. As a result of the comparison, if both match, authentication is performed, but if they do not match, authentication is not performed. When the authentication unit 213 receives an entry / exit signal indicating entry into the room and authenticates, the authentication unit 213 outputs the entry / exit signal and the authentication result to the authentication result registration unit 215 and outputs an unlock signal to the input terminal 250. When receiving the venue signal, the input terminal 250 unlocks the door 3 and allows the user to enter the room 1 from the door 3. When the authentication unit 213 receives an entry / exit signal indicating exit and authenticates, the authentication unit 213 outputs the entrance / exit signal and the authentication result to the authentication result registration unit 215 and outputs an unlock signal to the input terminal 250. When receiving the unlock signal, the input terminal 250 unlocks the door 3 and allows the user to leave the room 1 from the door 3. If the authentication unit 213 does not authenticate, the authentication result registration unit 215 outputs the entry / exit signal and the authentication result to the authentication result registration unit 215. Since the unlock signal is not transmitted to the input terminal 250, the door 3 is not unlocked, so that an unauthorized user can be prevented from entering the room 1 and can be prevented from leaving the room 1.

  When the entry / exit signal and the authentication result are input, the authentication result registration unit 215 stores in the HDD 107 the entry or exit for each user. Specifically, when an entry / exit signal indicating entry is input, the user ID of the authenticated user and the time at that time are stored as the entry time. A record including the user ID and the room entry time is added to the room entry state table stored in the HDD 107. When an entry / exit signal indicating exit is input, the time at that time is stored as the user ID and exit time of the authenticated user. A record including the user ID and the leaving time is added to the room entry state table stored in the HDD 107. The user ID of the user existing in the room 1 can be specified from the entry time and the exit time stored for each user ID in the HDD 107.

  Although an example in which authentication information is recorded on an IC card or a magnetic card is shown here, a combination of a user ID and a password, biometric information such as a fingerprint may be used as authentication information. In this case, the input terminal 250 is equipped with a reading device suitable for reading the authentication information.

  Inquiry reception unit 217 receives an inquiry signal from MFP 100 and outputs the received inquiry signal to room entry information transmission unit 219. The inquiry signal includes a user ID. When the inquiry signal is input, the room entry information transmission unit 219 refers to the room entry state table stored in the HDD 107 and determines whether or not the user with the user ID has entered the room 1. If there is a record that includes a user ID and the entry / exit time is before the current time, and there is no record that includes the user ID and the exit time after the entry time, the user It is determined that the user with the ID has entered the room 1. In other cases, specifically, a record that includes a user ID, and there is no record whose entry / exit time is earlier than the current time, or a record that includes a user ID, and the entry / exit time is greater than the current time. Even if there is a previous record, if there is a record of an exit time after the entrance time, it is determined that the user with the user ID has not entered the room 1. The room entry information transmission unit 219 sends room entry information including the user ID and the room entry status indicating whether or not the room has been entered, to the MFP 100 that has transmitted the room entry status inquiry signal.

  FIG. 5 is a functional block diagram showing an overview of the functions of the CPU provided in the MFP. Referring to FIG. 5, CPU 111 provided in MFP 100 includes an operation receiving unit 51 for receiving an operation input by the user, a user authentication unit 53 for authenticating the user, and entering the room 1 of the authenticated user. A room entry information obtaining unit 55 for obtaining a situation, a function executing unit 59 for executing a function based on an operation input by the login user, a function restricting unit 57 for restricting a function executed by the function executing unit 59, including.

  The operation accepting unit 51 accepts an operation input by the user to the operation unit 115, or when the MFP 100 is remotely operated from another PC 301, 303, 311, 313, the operation accepting unit 51 is the data communication control unit 117. Accept operations from. Since MFP 100 permits use only by a predetermined user, MFP 100 requests the user to log in before accepting an operation for executing a function. Specifically, when receiving an operation from the operation unit 115, the operation reception unit 51 displays a login screen on the display unit 114 and prompts the user to input a user ID and a password. The user ID and password that the user inputs to the operation unit 115 according to the login screen are accepted. When the MFP 100 is remotely operated from the PCs 301, 303, 311, and 313, the CPU 111 transmits a login screen to the remote operation source device, and the data communication control unit 117 receives from the remote operation source device. The operation reception unit 51 receives the user ID and authentication information from the data communication control unit 117.

  The operation reception unit 51 outputs the user ID and password received from the operation unit 115 or the data communication control unit 117 to the user authentication unit 53, and receives a success signal indicating that the authentication is successful from the user authentication unit 53. On that condition, an operation that is subsequently input to the operation unit 115 or an operation that the data communication control unit 117 receives from the remote operation source device is received. After the user authentication unit 53 authenticates and the login is permitted, the operation reception unit 51 receives an operation that the operation reception unit 51 receives until the logout instruction is input thereafter. Accept as. The operation reception unit 51 outputs the received operation to the function execution unit 59.

  When receiving a failure signal indicating that the authentication has failed from the user authenticating unit 53, the operation accepting unit 51 displays an error message on the display unit 114 or an error from the data communication control unit 117 to the remote operation source device. Send a signal and disallow login. This prevents unauthorized users from logging in to MFP 100 from operation unit 115, or from logging in by remote operation from PCs 301, 301, 311, and 313.

  The user authentication unit 53 receives the user ID and password from the operation reception unit 51. MFP 100 stores a pair of a user ID and a password of a user who is permitted to use MFP 100 in HDD 116. The user authentication unit 53 compares the set of user ID and password input from the operation receiving unit 51 with the set of user ID and password stored in the HDD 116. All user IDs and passwords stored in the HDD 116 are compared. As a result of the comparison, if a pair that matches the pair of the user ID and password input from the operation reception unit 51 is stored in the HDD 116, the user ID and the success signal are authenticated, and the operation reception unit 51 and the room information acquisition unit 55 are authenticated. Although it outputs to the function restriction | limiting part 57, if it fails, a failure signal is output to the operation reception part 51. FIG.

  When the user ID and the success signal are input from the user authentication unit 53, the entrance information acquisition unit 55 receives an inquiry signal in order to check whether the user specified by the user ID has entered the room 1 or not. It transmits to the authentication apparatus 200 and receives room entry information. Specifically, the data communication control unit 117 transmits an inquiry signal to the authentication device 200, and accepts room entry information received from the authentication device 200 by the data communication control unit 117. The inquiry signal includes a user ID input from the user authentication unit 53. The room entry information includes a user ID and a room entry state indicating whether the room is entered. The room entry information acquisition unit 55 outputs the room entry state included in the room entry information acquired from the authentication device 200 to the function restriction unit 57.

  The function restriction unit 57 receives a user ID and a success signal from the user authentication unit 53, and receives an entry state from the entry information acquisition unit 55. The function restriction unit 57 outputs a restriction signal for restricting the function to be executed to the function execution unit 59 when the entry state indicates that the room 1 is not in the room 1, and the entry state is in the room 1 Is not output to the function execution unit 59. The restriction signal includes, for example, restriction of contents displayed on the display unit 114, restriction of image forming function, restriction of data transmission, and restriction of access to data stored in the HDD 116.

  The function execution unit 59 receives an operation from the operation reception unit 51 and a restriction signal from the function restriction unit 57. The function execution unit 59 executes the function according to the operation input from the operation accepting unit 51 if no limit signal is input from the function limiting unit 57, but is limited when the limit signal is input from the function limiting unit 57. The function is executed in accordance with the operation input from the operation receiving unit 51 within the specified range.

  The function execution unit 59 includes a data management unit 61 for managing data stored in the HDD 116, an image formation control unit 63 for controlling the image forming unit 30, and a screen control unit for determining a menu screen. 65 and a data transmission unit 67 for controlling data transmission.

  When an operation for accessing data stored in the HDD 116 is input, the data management unit 61 accesses the data according to the operation, reads the data, and outputs the data. When an operation is input from the operation unit 115, data is displayed on the display unit 114. When an operation is received by the data communication control unit 117, the data is transmitted to the PC that has transmitted the operation via the data communication control unit 117. Send data. The HDD 116 includes a personal area assigned for each user and a group area commonly assigned to a plurality of users. The data management unit 61 permits reading of data stored in the personal area and group area assigned to the user permitted to log in, but the data from the personal BOX and group BOX not assigned to the login user. Reading is not permitted.

  When the restriction signal is input from the function restriction unit 57, the data management unit 61 prohibits access to the data stored in the HDD 116. The prohibition of access is, for example, prohibition of access to all or a part of data stored in the HDD 116. Some data is, for example, executed history information, personal information, and the like. By prohibiting access to all or part of the data, even if a person who has not entered the room 1 has illegally logged in remotely from the PCs 311 and 313, for example, access to data containing confidential information Since it cannot be performed, it is possible to prevent leakage of confidential information.

  The screen control unit 65 determines a menu screen to be displayed on the display unit 114 or transmitted to the remote operation source device. When the output of the menu screen is requested, the screen control unit 65 selects one of a plurality of menu screens stored in advance in the HDD 116 and displays the selected menu screen on the display unit 114 or remotely. Sent to the operation source device. If the restriction signal is not input from the function restriction unit 57, the screen control unit 65 selects a menu screen including all items, but if the restriction signal is input from the function restriction unit 57, some items are selected. Select the menu screen that contains it. For example, when prohibiting access to data stored in the HDD 116, a menu screen that does not include an item for transitioning to a screen for operating data is selected. When restricting browsing of the function execution history, a menu screen that does not include an item for transitioning to a screen displaying the function execution history is selected.

  When an operation for printing data stored in the HDD 116 or data received by the data communication control unit 117 is input, the image formation control unit 63 outputs the data to the image formation unit 30 according to the operation, and the image formation unit 30 to print. When the restriction signal is not input from the function restriction unit 57, the image formation control unit 63 causes the image formation unit 30 to print the data stored in the HDD 116 or the data received by the data communication control unit 117. When a restriction signal is input from 57, the image forming unit 30 is restricted from printing data stored in the HDD 116. As a result, it is possible to execute only effective image formation only when a user exists in the room 1, and there is no user in the room 1, and an image forming operation is erroneously performed by remote operation from the external PCs 311 and 313. Can be prevented.

  The data transmission unit 67 transmits the data stored in the HDD 116 to another device. In addition, data is attached to an e-mail and transmitted. MFP 100 stores in HDD 116 an address book in which data destination information is stored in advance. The address book includes a user ID and a destination address. The transmission destination address is an electronic mail address, the IP address of the PCs 301, 303, 311, and 303, or the like. Here, an example in which the transmission destination address is an e-mail address will be described.

  When a data transmission instruction is received from the PC used by the remote operation by the user permitted to log in among the operation unit 115 or the PCs 301, 303, 311, and 313, the data transmission unit 67 stores the data in the HDD 116 according to the data transmission instruction. An email with the attached data is generated and sent to the email server. When a restriction signal is input from the function restriction unit 57, the data transmission unit 67 transmits data in accordance with a transmission instruction whose destination is the user's e-mail address that exists in the room 1. Data is not transmitted according to the transmission instruction destined for the e-mail address.

  Since the user who has entered the room 1 is authenticated by the authentication device 200, the possibility of being an unauthorized user is low. Therefore, by restricting the data transmission destinations to the users inside the room 1, it is possible to prevent the data that needs to be sent only to the users inside the room 1 from being accidentally transmitted to the outside. , Destination input mistakes are prevented. Further, it is possible to prevent data including highly confidential information from being transmitted to the outside due to an operation by an unauthorized login user outside the room 1.

  FIG. 6 is a flowchart illustrating an example of the flow of the login acceptance process. The login acceptance process is a process executed by CPU 111 when CPU 111 of MFP 100 executes a function restriction program stored in ROM 113. Referring to FIG. 6, it is determined whether authentication information has been accepted (step S01). Here, the authentication information is a user ID and a password. When the authentication information is input to the operation unit 115, the authentication information is received from the operation unit 115. Authentication information is received from the data communication control unit 117 when receiving authentication information from the car. The process waits until the authentication information is received. When the authentication information is received, the process proceeds to step S02. That is, the login acceptance process is a process that is executed on condition that authentication information is accepted.

  In step S02, in order to confirm whether or not the user specified by the user ID of the accepted authentication information has entered the room 1, the authentication apparatus 200 is inquired about entering the room. Specifically, an inquiry signal including the user ID is transmitted to the authentication device 200. And it will be in a standby state until entry information is received from the authentication device 200 (NO in step S03), and when entry information is received, the process proceeds to step S04 (YES in step S03). The room entry information includes a user ID and a room entry state indicating whether the room is entered.

  In step S04, the accepted authentication information is authenticated. Specifically, the set of user ID and password included in the authentication information received in step S01 is compared with the set of user ID and password stored in advance in HDD 116. In the next step S05, it is determined whether or not the authentication is successful. If a pair that matches the combination of the user ID and password included in the authentication information received in step S01 is stored in HDD 116, authentication is performed and the process proceeds to step S06. If not, the process proceeds to step S10. .

  In step S10, an error process is executed and the process ends. In the error process, for example, when authentication information is input from the operation unit 115, an error message “Login is not possible” is displayed on the display unit 114. When the authentication information is received from any of the PCs 301, 303, 311, and 313 by the data communication control unit 117, an error message “cannot log in” is transmitted to the PC that has transmitted the authentication information. This is to prevent an unauthorized user from using MFP 100 by accepting an operation for instructing execution of a function on condition that correct authentication information is input.

  In step S06, the login of the user with the authenticated user ID is permitted. Hereinafter, a user permitted to log in is referred to as a login user. When the login is permitted, the operation input to the operation unit 115 or the data communication control unit 117 until the user inputs a logout instruction or until a predetermined time elapses without an operation being input. An operation received from the same PC is handled as an operation by a login user.

  In step S07, based on the room entry information received in step S03, it is determined whether or not the user having the user ID included in the authentication information received in step S01 is in the room 1. If it is in room 1, the process proceeds to step S08. If not, the process proceeds to step S09.

  In step S09, no function restriction is set, and the process ends. In step S09, the function restriction is set and the process ends.

  FIG. 7 is a flowchart illustrating an example of the flow of the function restriction process. The function restriction process is a process executed by CPU 111 when CPU 111 of MFP 100 executes a function restriction program stored in ROM 113. Referring to FIG. 7, it is determined whether a print instruction has been accepted (step S21). If a print instruction is accepted, the process proceeds to step S22; otherwise, the process proceeds to step S25.

  In step S <b> 22, it is determined whether the login user who has given the print instruction has entered the room 1. Based on the room entry information received from the authentication device 200, it is determined whether or not the login user has entered the room 1. If the logged-in user has entered room 1, the process proceeds to step S23; otherwise, the process proceeds to step S24. In step S23, printing is performed according to the print instruction, and the process proceeds to step S25. On the other hand, in step S24, error processing is executed, and the process proceeds to step S25. In the error processing, for example, a message for notifying the user that printing cannot be performed is displayed or transmitted.

  In step S25, it is determined whether a data transmission instruction has been accepted. If a data transmission instruction is accepted, the process proceeds to step S26; otherwise, the process proceeds to step S31. In step S26, designation of a data transmission destination is accepted. Here, the destination will be described using an e-mail address as an example. In step S27, it is determined whether the logged-in user who has instructed data transmission has entered the room 1. Based on the entry information received from the authentication device 200, it is determined whether or not the login user has entered the room 1. If the logged-in user has entered room 1, the process proceeds to step S28; otherwise, the process proceeds to step S30.

  In step S30, it is determined whether or not the user assigned the e-mail address designated as the destination has entered the room 1. The user ID of the user of the destination e-mail address is acquired from the address book stored in HDD 116, and an inquiry signal including the user ID is transmitted to authentication apparatus 200. The room entry information is received from the authentication device 200. Based on this room entry information, it is determined whether or not the user assigned the e-mail address designated as the destination has entered the room 1. If the user with the e-mail address specified as the destination has entered room 1, the process proceeds to step S28; otherwise, the process proceeds to step S31.

  In step S28, data transmission to the destination address is permitted. Specifically, transmission of an e-mail addressed to the e-mail address accepted as the address in step S26 is permitted. In the next step S29, data is transmitted according to the data transmission instruction, and the process proceeds to step S32. On the other hand, in step S31, an error process is executed, and the process proceeds to step S32. In the error processing, for example, a message for notifying the user that data cannot be transmitted to a specified destination is displayed or transmitted. The user who is not in the room 1 is prohibited from sending data to the e-mail address of the user who is not in the room 1. As a result, it is possible to prevent the user who is not in the room 1 from transmitting data including confidential information to an incorrect destination and to prevent an unauthorized user from transmitting data to the outside by remote operation.

  In step S32, it is determined whether an instruction to display a menu screen has been accepted. If a menu screen display instruction is accepted, the process proceeds to step S33; otherwise, the process proceeds to step S36.

  In step S33, it is determined whether or not the login user who has instructed to display the menu screen has entered the room 1. Whether or not the login user has entered the room 1 is determined based on the room entry information received from the authentication device 200 in step S03 in FIG. If the logged-in user has entered room 1, the process proceeds to step S34; otherwise, the process proceeds to step S35. In step S34, a menu screen including items including a selection menu for all functions is displayed.

  On the other hand, in step S35, a menu screen including a selection menu with some functions restricted as items is displayed. When a menu screen display instruction is input from the operation unit 115, the menu screen is displayed on the display unit 114, and the data communication control unit 117 determines whether the PC 301, 303, 311 or 313 is reversed. When a menu screen display instruction is received from, the menu screen is transmitted to the PC that has transmitted the menu screen display instruction. For example, when a user who is not in the room 1 logs in from any of the PCs 311 and 313, the selection menu for all functions is not included. A selection menu in which designation of some functions is restricted is displayed on one of the PCs 311 and 313. For this reason, since the selection menu of the restricted function cannot be selected, an instruction for executing the function cannot be input. When a logged-in user who is not in the room 1 performs remote control, by limiting the functions that can be executed, an unauthorized user can illegally obtain data stored in the HDD 116 or illegally obtain personal information. Can be prevented.

  FIG. 8A and FIG. 8B are first diagrams showing an example of a menu screen. FIG. 8A illustrates an example of a menu screen in which items to be displayed are not limited, and FIG. 8B illustrates an example of a menu screen in which items to be displayed are limited. Referring to FIG. 8B, as compared with the menu screen shown in FIG. 8A, includes an item in which characters of “box” for transition to a box operation screen for operating a box are represented. Absent. The menu screen shown in FIG. 8B does not include an item in which the characters “box” for transitioning to a box operation screen for operating a box are included, so that box operation can be prohibited.

  Returning to FIG. 7, in step S36, it is determined whether or not a box operation instruction is accepted. If a box operation instruction is accepted, the process proceeds to step S37; otherwise, the process proceeds to step S39.

  In step S <b> 37, it is determined whether the login user who has instructed the box operation has entered the room 1. Based on the room entry information received from the authentication device 200, it is determined whether or not the login user has entered the room 1. If the logged-in user has entered room 1, the process proceeds to step S38; otherwise, the process proceeds to step S39. In step S38, a box operation screen for operating all boxes is displayed. On the other hand, in step S39, a box operation screen that restricts the operation of some boxes is displayed. For example, when a user who is not in the room 1 logs in from any of the PCs 311 and 313, the box operation screen in which the operation of some boxes is restricted without allowing the operation of all the boxes is displayed on the PCs 311 and 313. Displayed on one of the displays. For this reason, it is not possible to perform limited operations on the box. When a logged-in user who is not in the room 1 performs remote operation, by restricting operations to the box, an unauthorized user can access data stored in the HDD 116 or store unauthorized data in the HDD 116. It is possible to prevent acts such as doing.

  FIG. 9A and FIG. 9B are diagrams illustrating an example of the box operation screen. FIG. 9A shows a box operation screen in which the box operation is not restricted, and FIG. 9B shows a box operation screen in which the box operation is partially restricted. Referring to FIG. 9B, as compared with the box operation screen shown in FIG. 9A, an item in which “Create box” for creating a new box is not included. Using the box operation screen shown in FIG. 9B, an operation for creating a new box cannot be instructed.

  Returning to FIG. 7, in step S <b> 40, it is determined whether a history browsing instruction has been accepted. The history is a history of functions executed by the function execution unit 59. The type of function, the user ID of the instructing user, the date and time when the function was executed, the file name of the data to be executed, the number of pages, Including state. If a history browsing instruction is accepted, the process proceeds to step S41. If not, the process returns to step S21.

  In step S <b> 41, it is determined whether or not the logged-in user who has instructed browsing the history has entered the room 1. Based on the room entry information received from the authentication device 200, it is determined whether or not the login user has entered the room 1. If the logged-in user has entered room 1, the process proceeds to step S42; otherwise, the process proceeds to step S43. In step S42, the entire history is displayed. On the other hand, in step S43, the history is displayed by restricting the display of the history or restricting some of the items to be displayed. For example, when a user who is not in the room 1 logs in from any of the PCs 311 and 313, display of the history is not permitted or partial display is not permitted. For this reason, it is possible to prevent an unauthorized user from browsing the history and knowing personal information or data flow.

  FIG. 10A and FIG. 10B are second diagrams showing an example of the menu screen. FIG. 10A shows a menu screen in which items to be displayed are not restricted, and FIG. 10B shows a menu screen in which items to be displayed are restricted. Referring to FIG. 10 (B), as compared with the menu screen shown in FIG. 10 (A), it does not include an item in which the characters “job” for transitioning to the screen for displaying the history are displayed. The menu screen shown in FIG. 10B does not include an item in which the characters “job” for transitioning to the history display screen are included, and thus the history display screen cannot be displayed. It is possible to prohibit browsing the entire history.

  FIG. 11A and FIG. 11B are first diagrams illustrating an example of a history display screen. FIG. 11A shows a history display screen in which item display is not restricted, and FIG. 11B shows a history display screen in which item display is partially restricted. Referring to FIG. 11B, items of user name and file name are not displayed as compared with the history display screen shown in FIG. For this reason, the user who instructed the execution of the function and the data that is the target of the execution of the function cannot be known.

  12A and 12B are second diagrams illustrating an example of a history display screen. 12A shows a history display screen in which item display is not restricted, and FIG. 12B shows a history display screen in which item display is partially restricted. The history display screen shown in FIG. 12B shows a history display screen when a user whose user name (user ID) is “aaa” logs in. Referring to FIG. 12B, as compared with the history display screen shown in FIG. 12A, records with job numbers 000002 to 000007 are not displayed, and the job number with user name “aaa” is 000001. And only records 000008 are displayed. For this reason, although the log | history relevant to a login user is displayed, since the log | history of others is not displayed, it can prevent that the log | history of the function which the other person instructed execution and was performed is known.

<Modification>
FIG. 13 is a flowchart illustrating an example of the flow of a login acceptance process in the modification. The difference from the login acceptance process shown in FIG. 6 is that step S06 is deleted, and step S08A and step S09A are executed instead of step S08 and step S09, respectively. Since the other processes are the same as the login acceptance process shown in FIG. 6, the description will not be repeated here.

  If it is determined in step S05 that the authentication is successful, the process proceeds to step S07. If it is determined in step S07 that the logged-in user is present in room 1, the process proceeds to step S08A. If not, the process proceeds to step S09A. In step S08A, login is permitted, but in step S09A, error processing similar to that in step S10 is executed without allowing login. In MFP 100 in the modification, the function restriction process shown in FIG. 7 is not executed.

  In order to prohibit a user who is not in the room 1 from logging in, the act of logging in from outside the room 1 using, for example, the PCs 311 and 313 is prohibited. For this reason, unauthorized users can be prohibited from logging in from the outside, and security can be improved.

  In the above-described embodiment, the MFP 100 has been described as an example of the information processing apparatus. However, a function restriction method or a function restriction method for executing the processing illustrated in FIG. 6, FIG. 7, or FIG. It goes without saying that the invention can be understood as a function restriction program for causing a computer to execute it.

  The embodiment disclosed this time should be considered as illustrative in all points and not restrictive. The scope of the present invention is defined by the terms of the claims, rather than the description above, and is intended to include any modifications within the scope and meaning equivalent to the terms of the claims.

<Appendix>
(1) The information processing apparatus according to claim 2, wherein the function restriction unit does not transmit the operation screen when the same user as the user successfully authenticated by the authentication unit is not authenticated by the authentication apparatus.
(2) If the same user as the user who has been successfully authenticated by the authentication unit is not authenticated by the authentication device, the function restriction unit transmits the operation when the user is authenticated by the authentication device. The information processing apparatus according to claim 2, wherein an operation screen with fewer screen setting items is transmitted.
(3) The information processing apparatus according to claim 4, wherein the function restriction unit prohibits access to the storage unit.
(4) The information processing apparatus according to claim 4, wherein the function restriction unit prohibits a new storage area from being generated in the storage unit.
(5) The function restriction unit stores history information including personal information of a user who has instructed execution of the function, and includes only history information including personal information of the user authenticated by the authentication unit among the history information. The information processing apparatus according to claim 5, wherein access is permitted.
(6) The storage means stores history information including personal information of a user who has instructed execution of the function,
The information processing apparatus according to claim 5, wherein the function restriction unit prohibits access to personal information included in the history information.
(7) A function restriction method executed by an information processing device connected to an authentication device,
Authenticating the operator;
Obtaining an authentication result by the authentication device;
When the same user as the user is authenticated by the authentication device, and when the user is not authenticated by the authentication device, the function that allows the user authenticated in the authentication step to be executed, And a function limiting method including different steps.
(8) There is a function restriction method executed by an information processing device connected to an authentication device,
Authenticating the operator;
Obtaining an authentication result by the authentication device;
Permitting login on the condition that the user authenticated by the authentication step is authenticated by the authentication device.
(9) A function restriction program executed by an information processing apparatus connected to the authentication apparatus,
Authenticating the operator;
Obtaining an authentication result by the authentication device;
When the same user as the user is authenticated by the authentication device, and when the user is not authenticated by the authentication device, the function that allows the user authenticated in the authentication step to be executed, A function restriction program that causes a computer to execute different steps.
(10) A function restriction program executed by an information processing apparatus connected to the authentication apparatus,
Authenticating the operator;
Obtaining an authentication result by the authentication device;
A function restriction program for causing a computer to execute a step of permitting login on condition that the user authenticated by the authentication step is authenticated by the authentication device.

1 is a diagram showing an overall outline of an authentication system in one embodiment of the present invention. It is a figure which shows an example of the hardware constitutions of an authentication apparatus. 2 is a block diagram illustrating an example of a hardware configuration of an MFP. FIG. It is a functional block diagram which shows an example of the function which CPU with which an authentication apparatus is provided. 2 is a functional block diagram illustrating an overview of functions of a CPU included in an MFP. FIG. It is a flowchart which shows an example of the flow of a login reception process. It is a flowchart which shows an example of the flow of a function restriction | limiting process. It is a 1st figure which shows an example of a menu screen. It is a figure which shows an example of a box operation screen. It is a 2nd figure which shows an example of a menu screen. It is a 1st figure which shows an example of a log | history display screen. It is a 2nd figure which shows an example of a log | history display screen. It is a flowchart which shows an example of the flow of the login reception process in a modification.

Explanation of symbols

  1 room, 3 doors, 10 ADF, 11 facsimile unit, 13 communication control unit, 20 image reading unit, 30 image forming unit, 40 paper feeding unit, 50 post-processing unit, 51 operation receiving unit, 53 user authentication unit, 55 entry Information acquisition unit, 57 function restriction unit, 59 function execution unit, 61 data management unit, 63 image formation control unit, 65 screen control unit, 67 data transmission unit, 101 main circuit, 111 CPU, 112 RAM, 113 ROM, 114 display Unit, 115 operation unit, 116 HDD, 117 data communication control unit, 119A memory card, 200 authentication device, 201 CPU, 202 communication I / F, 203 monitor, 204 input unit, 205 RAM, 206 ROM, 207 HDD, 209 bus 211 Authentication information reception unit, 213 authentication unit, 215 authentication result registration unit 217 inquiry reception unit, 219 entry information transmitting unit, 250 input terminal.

Claims (10)

An information processing device connected to the authentication device,
An authentication means for authenticating the operator;
Authentication result acquisition means for acquiring an authentication result by the authentication device;
When the same user as the user is authenticated by the authentication device, and when the user is not authenticated by the authentication device, the function that allows the user authenticated by the authentication means to be executed. An information processing apparatus comprising: a function limiting unit that is different. A communication means for communicating with a communication terminal connected to the network;
Based on authentication information received from the communication terminal, further comprising an operation screen transmission means for transmitting an operation screen to the communication terminal when authentication by the authentication means is successful,
When the same user as the user who has been successfully authenticated by the authentication unit has not been authenticated by the authentication device, the function restriction unit has the operation screen compared to a case where the user has been authenticated by the authentication device. The information processing apparatus according to claim 1, wherein the operation screen that can be transmitted by a transmission unit is limited.   The information processing apparatus according to claim 1, wherein the information processing apparatus is set in a room in which the authentication apparatus manages user entry and exit. A storage means for storing data;
The information processing apparatus according to claim 1, wherein the function restriction unit restricts an access right to the storage unit when the same user as the user successfully authenticated by the authentication unit is not authenticated by the authentication device. . Function execution means for executing processing under set conditions;
History storage means for storing history information of functions executed by the function execution means,
The information according to claim 1, wherein the function restriction unit restricts access to the stored history information when the same user as the user successfully authenticated by the authentication unit is not authenticated by the authentication device. Processing equipment. A destination accepting means for accepting designation of a data destination;
Transmission means for transmitting data to the accepted destination,
When the same user as the user successfully authenticated by the authentication unit is not authenticated by the authentication device, the function restriction unit is authenticated by the authentication device for designation of a destination that can be received by the destination reception unit. The information processing apparatus according to claim 1, wherein the information processing apparatus is limited to only a user destination. An image forming means for forming an image;
2. The function limiting unit according to claim 1, wherein when the same user as the user successfully authenticated by the authentication unit is not authenticated by the authentication device, the function limiting unit limits a function of forming an image by the image forming unit. Information processing device. A storage means for storing data;
The function restricting unit prohibits image formation by the image forming unit based on data stored in the storage unit when the same user as the user successfully authenticated by the authentication unit is not authenticated by the authentication device. The information processing apparatus according to claim 7. An information processing device connected to the authentication device,
An authentication means for authenticating the operator;
Authentication result acquisition means for acquiring an authentication result by the authentication device;
An information processing apparatus comprising: a log-in permission unit that permits log-in on condition that the user authenticated by the authentication unit is authenticated by the authentication device. An operation panel for receiving authentication information;
The information processing apparatus according to claim 9, wherein the authentication unit performs authentication based on authentication information received by the operation panel.

Images